question

redamaleki-1110 avatar image
0 Votes"
redamaleki-1110 asked ·

Cloud Azure MFA to secure on-prem Exchnage Server OWA without ADFS

Microsoft no longer supports MFA server for new deployments, but recommends using the NPS Extension for MFA configuration.

Hybrid Modern Authentication works for Outlook clients, but does not appear to provide MFA enforcement for OWA. In our scenario, we have Azure AD Connect deployed with pass-through authentication (No ADFS). Is there a way to enforce MFA on OWA for end users either using the NPS extension or another AD cloud service? We have Exchange 2016 Server with CU 15 deployed.

azure-active-directoryazure-ad-connectazure-ad-multi-factor-authenticationazure-ad-authentication
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

jLight avatar image
0 Votes"
jLight answered ·

You might try setting up a Conditional Access requiring MFA and then selecting Office 365 application (cloud apps, not the software).


7251-chrome-ahyrvspbjs.png



· 2 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the help but this does not apply to my question. My question is for OWA provided by an on-premise Exchange Server, not Office 365 (Exchange Online). Exchange Online natively supports MFA, and only needs to be set to require MFA from within Azure AD. Users with on-premise Mailboxes must log in through OWA on premise, and OWA is an IIS web app integrated with Exchange Server on-premise.

0 Votes 0 · ·
jLight avatar image jLight redamaleki-1110 ·

Thinking on the lines of Application Proxy, then you can apply Conditional Access to the traffic (hence requiring MFA.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy
https://thesleepyadmins.com/2019/02/10/configure-mfa-for-azure-application-proxy/

1 Vote 1 · ·